Changelog History
Page 4
-
v1.12.0 Changes
October 03, 2017๐ [SECURITY] Clear expired password reset key for account before retrieving password reset key (chanks, jeremyevans) (#43)
โก๏ธ Update migrations to work with Sequel 5 (jeremyevans)
Add require_http_basic_auth configuration method to http_basic_auth feature (jeremyevans) (#41)
Support passing :search_path option to Rodauth.create_database_authentication_functions when using PostgreSQL (jeremyevans)
Support passing options to Rodauth.{create,drop}_database_previous_password_check_functions (jeremyevans)
Support passing options to Rodauth.drop_database_authentication_functions (jeremyevans)
-
v1.11.0 Changes
April 24, 2017Add login_required_error_status, and use it in the jwt feature when custom error statuses are allowed (jeremyevans)
๐ Deal better with time differences between the database and application servers in the password_expiration plugin (jeremyevans)
โ Add rodauth.valid_jwt? method for checking if a valid JWT was submitted with the request (jeremyevans)
-
v1.10.0 Changes
March 23, 2017โ Add Internals Guide (jeremyevans)
Set FeatureConfiguration instances to constants, just like Feature instances (jeremyevans)
๐ง When reopening rodauth configuration in roda subclass, automatically subclass rodauth configuration so it doesn't modify superclass (jeremyevans)
Add verify_login_change feature as an alternative to verify_change_login, where the change doesn't take affect until after verification (jeremyevans) (#31)
Add login_failed_reset_password_request_form for customizing the HTML used for the request password request form on login failures (jeremyevans)
๐ Make reset password request form available without requiring a login attempt, and provide a login field in that case (jeremyevans) (#30)
๐ Make resending verify account email request form available without requiring a login/account creation attempt, and provide a login field in that case (jeremyevans) (#30)
Fix resending verify account email when attempting to create a new account with same login as unverified account when using verify_account_grace_period feature (jeremyevans) (#30)
Fix precompile_rodauth_templates usage with reset_password feature (jeremyevans)
-
v1.9.0 Changes
February 22, 2017๐ Make reset-password use existing password reset key if one is present (jeremyevans) (#26)
Add Roda.precompile_rodauth_templates method, useful to save memory when forking, or when chrooting (jeremyevans)
-
v1.8.0 Changes
January 06, 2017Add json_response_custom_error_status? option to jwt feature to use specific 4xx statuses instead of 400 (jeremyevans)
๐ Use 4xx error statuses for errors, instead of using a 200 success status (jeremyevans)
-
v1.7.0 Changes
November 22, 2016- ๐ Make reset password, unlock account, and verify account pages not leak keys to external servers via Referer header (jeremyevans)
-
v1.6.0 Changes
October 24, 2016Add http_basic_auth feature (TiagoCardoso1983, jeremyevans) (#12)
๐ Move login hooks from login feature to base, to be usable by other features (jeremyevans)
๐ Make reset_password feature not attempt to render a template in json-only mode (jeremyevans) (#11)
๐ Memoize jwt_payload in jwt feature, as it may be called more than once (mwpastore) (#10)
Add jwt_decode_opts configuration method to jwt feature, for specifying options to JWT.decode, allowing for JWT claim verification (mwpastore, jeremyevans) (#9)
Add jwt_session_hash configuration method to jwt feature, for modifying the session information stored in the JWT hash, allowing for setting JWT claims (mwpastore, jeremyevans) (#9)
Add jwt_session_key configuration method to jwt feature, for nesting the session under a key in the JWT, avoiding reserve claim names (mwpastore, jeremyevans) (#9)
Add jwt_symbolize_deeply? configuration method to jwt feature, for symbolizing nested keys in session hash when using JWT (mwpastore) (#9)
-
v1.5.0 Changes
September 22, 2016๐ป Return error instead of raising exception in the jwt feature if an invalid jwt format is submitted in the Authorization header (jeremyevans)
Add jwt_authorization_remove configuration method to jwt feature, for regexp to remove from Authorization header before JWT processing (jeremyevans)
Add jwt_authorization_ignore configuration method to jwt feature, for regexp to skip processing of JWTs in Authorization header (jeremyevans)
Add json_accept_regexp configuration method to jwt feature, for the regexp used to match against the Accept header (jeremyevans)
โ Add use_jwt? configuration method to jwt feature, for whether to use the JWT token or rack session for authentication information (jeremyevans)
Add jwt_check_accept? configuration method to jwt feature, to return 406 error if Accept header is present and json is not accepted (jeremyevans)
Add json_response_content_type configuration method to jwt feature, for the content type to set for json responses, default to application/json (jeremyevans)
Add json_request_content_type_regexp configuration method to the jwt feature, for the regexp that recognize a request as a json request (jeremyevans)
โ Add session_jwt method to the jwt feature, which returns a string for the encoded JWT for the current session (jeremyevans)
If the only_json? setting is true, return a 400 error if the request content type to a rodauth endpoint is not json (jeremyevans)
0๏ธโฃ The only_json? setting in the jwt feature is now only true by default if :json=>:only plugin option was used (jeremyevans)
Don't have jwt feature break if HTTP Basic/Digest authentication is used (jeremyevans)
โ Add template_opts configuration method, for overriding view/method options (jeremyevans)
-
v1.4.0 Changes
August 18, 2016- Add update_password_hash feature, for updating the password hash when the hash cost changes (jeremyevans)
-
v1.3.0 Changes
July 19, 2016- Add login_maximum_length, defaulting to 255 (jeremyevans)